Good day,
My goal is to configure an openldap directory for
our small office that will hold my officemates'
miscellaneous details. So far I have already configured a
working Heimdal Kerberos authentication and got
myself a bit familiar with its operation. I also managed
to get GSSAPI to work using sample-client/server. I even
successfully added the sample entry in my database,
the one that was provided by the Administration
Guide (example.com etc.) in the Quick Start Guide. Now I
would like to create some entries of my own using
ldapadd/slapadd, but my problem is that the portion in
the Admin Guide which discusses schema only refers to
extending schema and not to "beginning with schema"
or something else which addresses newbies. ldif(5)
won't help either because it only includes sample
entries but doesn't explain where it got those
miscellaneous attrdesc like "dn" and "cn" and why
they are needed. With this, I have a few questions
floating in my mind:
1. First of all, looking at the example.com ldif on
Quick Start Guide, there were two entries. The first
entry has a dn: dc=example,dc=com. Does this mean that
if I were to create person entries under a particular
domain or let's say an organization, I will need to
place that domain/organization entry above the person
entry I am creating?
What if that domain/organization entry already exists
or let's say other entries, and if I were to add some
entries at the bottom of my ldif file, can I run
ldapadd using that ldif file without running into any
trouble because entries above are already existing?
2. How about attributetype and objectclass:
Can I include any attributetype in an entry, provided
that the correct schema files which contain those
attributes were included?
Is an objectclass necessary in each entry?
Quoting from intro.html:
"In addition, LDAP allows you to control which
attributes are required and allowed in an entry
through the use of a special attribute called
objectClass. The values of the objectClass attribute
determine the schema rules the entry must obey."
...Or does this mean that if I were to indicate an
"objectclass: person" in an entry, I am enforcing the
inclusion of a "cn" or "sn" attributetype in that
particular entry, knowing that the "person" objectclass
in core.schema has a MUST "sn $ cn"?
3. I tried creating my very first ldif with the
following contents, on top is the entry for our
domain, camlann.pregi.net and following it are entries
for 3 persons. After running ldapadd -x -D
"cn=matato,dc=camlann,dc=pregi,dc=net" -W -f
camlann.ldif, I got these messages:
Enter LDAP Password:
adding new entry "dc=camlann,dc=pregi,dc=net"
adding new entry "cn=Mark Jayson R Alvarez,dc=camlann,dc=pregi,dc=net"
ldap_add: Naming violation (64)
additional info: value of naming attribute 'cn' is not present in entry
Would you happen to know what's wrong with my ldif, or
where I should start if I were to learn how to create
an ldif file the right way?
<<< camlann.ldif >>>
___________________________________________
dn: dc=camlann,dc=pregi,dc=net
objectclass: dcObject
objectclass: organization
o: ASTI
dc: camlann
description: Advance Science and Technology Institute

dn: cn=Mark Jayson R Alvarez,dc=camlann,dc=pregi,dc=net
cn: Jayson
cn: matato
sn: Alvarez
objectClass: person

dn: cn=Bayani Benjamin R Lara,dc=camlann,dc=pregi,dc=net
cn: Bani
cn: Ban
objectClass: person
sn: Lara

dn: cn=Mark Christian D Mijares,dc=camlann,dc=pregi,dc=net
cn: Yanyan
cn: yan yan
objectClass: person
sn: Mijares
___________________________________________________
Thank you very much for your time.
Sincerely,
Mark Jayson
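
The following is an added illustration, not part of the original message: a small pre-flight check for an LDIF file that reports entries whose naming attribute value (the first RDN of the dn) is missing from the entry's own attributes, which is the condition behind the "Naming violation (64)" message above, and entries missing a MUST attribute of objectClass person. The names `parse_ldif`, `check` and `MUST` are hypothetical, and the parser assumes single-valued RDNs and no base64 ("::") values.

```python
import re

# Constructed sample modelled on the post's camlann.ldif (not the original file).
SAMPLE_LDIF = """\
dn: cn=Mark Jayson R Alvarez,dc=camlann,dc=pregi,dc=net
objectClass: person
cn: Jayson
cn: matato
sn: Alvarez

dn: cn=Bayani Benjamin R Lara,dc=camlann,
 dc=pregi,dc=net
objectClass: person
cn: Bayani Benjamin R Lara
sn: Lara
"""

MUST = {"person": {"sn", "cn"}}  # person MUST list, as quoted in the post

def norm(value):
    return " ".join(value.lower().split())  # case/space-insensitive form

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per blank-line-separated entry."""
    text = re.sub(r"\n ", "", text)  # unfold lines continued with a space
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for name, value in re.findall(r"^([\w;-]+): ?(?!:)(.*)$", block, re.M):
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn:
            yield dn, attrs

def check(text):
    """Return {dn: [problems]} for entries failing either check."""
    report = {}
    for dn, attrs in parse_ldif(text):
        rdn_type, rdn_value = re.split(r"(?<!\\),", dn)[0].split("=", 1)
        problems = []
        if norm(rdn_value) not in map(norm, attrs.get(rdn_type.lower(), [])):
            problems.append(f"naming attribute '{rdn_type}' value not in entry")
        for oc in attrs.get("objectclass", []):
            for attr in sorted(MUST.get(oc.lower(), set()) - set(attrs)):
                problems.append(f"objectClass {oc} requires '{attr}'")
        if problems:
            report[dn] = problems
    return report
```

Calling `check(SAMPLE_LDIF)` flags only the first entry, because its cn values do not include the value used in its dn; the second entry passes because that value is listed as one of its cn attributes.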